Business Consultancy Services Ltd
March 2008
updated August 2010

 

Dear Chief Executive/Managing Partner

 

Industrial espionage – mobile phones

May I bring the following points to your attention, and your colleagues', in case you are not already aware of them:

1 The location of a mobile phone can almost always be determined, wherever it is in the world, often accurate to less than 100 metres. If you are attending a meeting with your mobile, then your presence can be detected. So can the presence of anyone else who is there with their mobile.

1.1 The same applies to satellite phones.

2 Mobile phone records show who you rang and who rang you, when and for how long, as you know from reading the bills. Your associates, the people you are dealing with, can be identified.

3 Since 1 October 2007, 652 public bodies in the UK have had the right to access your mobile phone records. This includes not only the bodies you might expect – the police, the security services, HMRC and the Financial Services Authority – but also every local authority in the country, the Gaming Board for Great Britain, the Food Standards Agency, the Environment Agency, the Scottish Ambulance Service Board, ...

3.1 It must be hard for an industrial spy to find a rotten apple but, with 652 barrels to choose from in the UK alone, the difficulty has been much reduced since last October.

4 Mobile phone conversations can be bugged.

5 That is well known. More extraordinary, it is possible for an eavesdropper, without your knowing it, to turn your mobile phone into a microphone so that all conversation in the vicinity of the phone is transmitted back to the eavesdropper. Hard to believe, but it is confirmed by the FT and the BBC.

5.1 It is possible for your mobile phone to act as a microphone at meetings even if it is switched off. Again hard to believe, again it is confirmed by the FT and the BBC. It doesn't apply to all mobile phones but, with some, when you turn them off, they are not really off, just in standby mode, and the only way really to turn them off is to remove the battery.

6 When Blackberries are used to send and receive emails, those emails all pass through computers controlled by RIM (Research in Motion), the Canadian suppliers of the Blackberry. If they want to, RIM can read your emails [questionable, denied by RIM].

6.1 The same applies to any internet service provider. Many countries, the UK included, have legislation entitling the authorities to read your emails, whether sent from PCs or mobile phones.

6.2 If they find a device that they can't monitor, some countries have been known to ban it. In France, for example, MPs are banned from using Blackberries. And India are currently (10 March 2008) considering a ban on Blackberries nationwide. The reason given is that their security services find it hard to monitor Blackberry emails – either the authorities can read your emails or you can't use the service.

Is an industrial spy going to bother with any of this wizardry to tap into negotiations you would prefer to be confidential? I have no idea. But note that if someone thinks it would give them a commercial advantage, it would be illegal, but they could*.

 

Yours faithfully

David Moss

* Robert Winnett, 21 March 2008, Daily Telegraph, 'Revealed: the dirty tricks of rogue traders':
A hedge fund based in London set up a "dirty-tricks unit" to manipulate share prices and get illicit information on companies in an attempt to make millions on the stock market, an insider has revealed.
As the official hunt began for the rogue traders who tried to bring down Britain's biggest mortgage lender, HBOS, The Daily Telegraph can reveal a whistle-blower's account of how a multi-billion pound fund allegedly used illegal tactics to drive down stock prices.
Private detectives were allegedly employed to hack into executives' emails and telephone records ...
1 August 2010, BBC: UAE 'moves to suspend some Blackberry services':
Blackberry maker Research in Motion (RIM) has not yet commented on the latest UAE reports, which come amid a row dating back to 2007 about allowing TRA [the UAE telecoms regulator] access to the code for RIM's encrypted networks so it can monitor email and other data.
 
Nic Fildes, 5 August 2010, The Times, Indonesia joins threat to ban BlackBerrys:
Indonesia has become the latest country to put pressure on Research in Motion after threatening to ban the use of BlackBerry devices unless the Canadian company sets up local servers ... RIM has been in the spotlight since the United Arab Emirates said that it would ban the instant messaging and e-mail functions used by an estimated 750,000 users in the Gulf state as it was unhappy with the way that the data is encrypted and sent to the technology company’s offshore servers.
 
Jessi Tabalba, 5 August 2010, The Guardian, Saudi BlackBerry messaging ban: security or snooping?:
 
Nic Fildes, 7 August 2010, The Times, BlackBerry ‘near deal to open messages to Saudis’:
The makers of BlackBerry mobile phones appear to have backed down in the face of demands from Saudi Arabia to allow the state to monitor messages sent on its devices ... Saudi Arabia switched off the signal for four hours yesterday citing security concerns over BlackBerry’s encrypted message service, which cannot be read by third parties ... Blackberry’s manufacturer Research In Motion (RIM) stores encrypted data in its home country, Canada, which the Saudis say does not meet their regulatory criteria or licensing conditions ... But today Saudi officials said the two sides had reached a preliminary deal on granting access to users’ data that will avert a ban on the phone’s messenger service in the kingdom.
 
P.C., 9 August 2010, The Economist, Spies, secrets and smart-phones:
... He then went on to say how "mind-boggling" are the capabilities of America's National Security Agency and its British counterpart, GCHQ. To this blogger, that sounded like: "Yes of course we can hack Skype calls and all the rest, but we have to pretend we can't".